Visionary cybersecurity leader Steven Katz, known as “The World’s First CISO,” died in hospice care Saturday in Long Island, New York.
Katz became the first chief information and security officer (CISO) in history in 1995 when Citicorp named him to the then newly-created role. Katz was brought on not long after Vladimir Levin engineered the first big-money heist by hacking into Citibank's computer systems and stealing $10 million. Katz also served in cybersecurity roles at J.P. Morgan and Merrill Lynch.
Claude Mandy, chief evangelist, data security at Symmetry Systems, said that Katz taught the industry how to be transparent following a breach.
“Having joined Citicorp post breach, the transparency that Steve offered into the incident, root causes, broader security posture, and Citicorp’s remediation plans, remains a guide for CISOs today,” said Mandy.
Tributes, accolades, and outpourings of grief mixed with appreciation for Katz’s generosity, and ability to spot and mentor cybersecurity talent have poured in since his passing Dec. 2.
Jim Routh — best known for his CISO roles at Mass Mutual and Aetna, and creating the CISO role for American Express 20 years ago — has been the point person for keeping the industry informed of Katz’s passing.
“In the world of cybersecurity, where the digital battlefield is ever-evolving and relentless, there are a few individuals who shine as beacons of wisdom, kindness, and unwavering support,” said Routh in a long LinkedIn post. “We’ve lost our dear mentor, friend, and cybersecurity luminary. Steve embodied these qualities in the most exceptional way. We celebrate not only his contributions to the industry but also the profound impact he has had on each of us.”
Routh went on to say that Katz’s insights into the world of cybersecurity have shaped the industry in ways that few can claim. As one of the founders and thought leaders for the Financial Services Information Sharing and Analysis Center (FS-ISAC), he laid the foundation for collaboration and information sharing across industries — a principle he passionately advocated as paramount to improving cyber resilience.
Steve Silberstein, chief executive officer at FS-ISAC, said Katz was a shining example of cybersecurity leadership and a pivotal figure in championing what's now the modern standard on how financial institutions manage cyber risk. Silberstein said Katz helped create the model of sharing cyber intelligence and best practices between security leaders across the industry, which evolved into the global organization FS-ISAC is today.
"It could not have been done without Steve, and we are ever thankful for his contributions," said Silberstein. "He was not only a pioneer in our industry, but also a mentor to so many of today's leaders. He will be deeply missed.”
Katz's track record as an innovator are well-documented, but Routh said Katz’s dedication to mentoring is where his impact truly shined.
“He understood that knowledge is not to be hoarded, but to be shared,” said Routh. “Steve believed in lifting others up and nurturing the next generation of cybersecurity professionals. His guidance was rock-solid, his advice simple and direct, and his mentorship transformative. Many of us owe a great deal of our professional success to his unwavering guidance and support over the years. He didn't just teach us about firewalls and encryption, he instilled in us a mindset of continuous learning, adaptability, and a commitment to the greater good of cyber resilience. His mentorship was not just about technical knowledge; it was about cultivating the qualities of character and leadership that are essential in our field.”
Chenxi Wang, founder and general partner at Rain Capital, was one of the many people Katz mentored when he became the first person to hire her as an intern in 1996 in Citibank's CISO office.
“He was not only a visionary leader, but a mentor and one of my biggest supporters over the years. He believed in me before I believed in myself," said Wang. "I remember him saying, back in 1996, 'Brick and motor banking may go away, but banking will not.'
Looking back today, Wang said it was such a forward-thinking statement.
"Working for Steve was like being part of a big family. I still keep in touch with some of my colleagues back then, which shows you what a leader Steve was," she continued. "I will deeply miss his guidance, his kindness, and his friendship.”
Patrick Hinojosa, chief operating office of Stellar PR and a former chief technology officer at Panda Security, added that Katz's journey into computer security was far from deliberate. As with many of his contemporaries, he didn't seek out the field: it found him.
“In an era where the concept of IT security was nascent, Steve stood out simply because he showed an interest in safeguarding crucial computing equipment — known as 'Big Iron' — within the [management information system] MIS department,” said Hinojosa. “His initial foray into the realm of what would become IT security was less about pursuit and more about being the right person in the right place. Yet, it was his blend of dogged determination and sharp intellect that transformed this serendipitous assignment into a pioneering career, marking him as a luminary in the ever-evolving landscape of IT security.”
Ira Winkler, Field CISO and vice president at CYE, said he met Katz early in Katz's tenure at Citibank and stayed in touch with him. Winkler was one of the main technical investigators on the Citibank hack back in the 1990s.
“We connected initially to talk about what I found and knew about the crime and the internal architecture and remained friends over the years,” said Winkler. “He was the epitome of what you would refer to as a kind and gentle person. Clearly, he was also technically brilliant, but to me he was just an awesome person to be around whenever the opportunity presented itself.”
Katz was also a close collaborator with CyberRisk Alliance (CRA), publisher of SC Media. Just two years ago, Katz did a podcast with CRA on making cybersecurity simple.
Parham Eftekhari, executive vice president of CRA Communities, recalled the role Katz played early in the life of CRA’s Cybersecurity Collaborative: "When I first joined CRA, he was one of our first ambassadors and helped us take our CISO community from a handful of leaders to the 1,200+ member community we are today."